Example 11 with AuthenticationManagerBuilder
use of org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder in project gravitee-management-rest-api by gravitee-io.
the class LdapAuthenticationProvider method configure.
@Override
public SecurityConfigurer configure() throws Exception {
LOGGER.info("Configuring an LDAP Identity Provider");
LdapAuthenticationProviderConfigurer<AuthenticationManagerBuilder> ldapAuthenticationProviderConfigurer = new LdapAuthenticationProviderConfigurer<>();
// Create LDAP context
DefaultSpringSecurityContextSource contextSource = new DefaultSpringSecurityContextSource(environment.getProperty("context-source-url"));
contextSource.setBase(environment.getProperty("context-source-base"));
contextSource.setUserDn(environment.getProperty("context-source-username"));
contextSource.setPassword(environment.getProperty("context-source-password"));
contextSource.afterPropertiesSet();
String userDNPattern = environment.getProperty("user-dn-pattern");
if (userDNPattern == null || userDNPattern.isEmpty()) {
ldapAuthenticationProviderConfigurer.userSearchBase(environment.getProperty("user-search-base")).userSearchFilter(environment.getProperty("user-search-filter"));
} else {
ldapAuthenticationProviderConfigurer.userDnPatterns(userDNPattern);
}
ldapAuthenticationProviderConfigurer.groupSearchBase(environment.getProperty("group-search-base", "")).groupSearchFilter(environment.getProperty("group-search-filter", "(uniqueMember={0})")).groupRoleAttribute(environment.getProperty("group-role-attribute", "cn")).rolePrefix("");
DefaultLdapAuthoritiesPopulator populator = new DefaultLdapAuthoritiesPopulator(contextSource, environment.getProperty("group-search-base", ""));
populator.setRolePrefix("");
ldapAuthenticationProviderConfigurer.ldapAuthoritiesPopulator(populator).contextSource(contextSource);
// set up LDAP mapper
UserDetailsContextPropertiesMapper userDetailsContextPropertiesMapper = new UserDetailsContextPropertiesMapper();
userDetailsContextPropertiesMapper.setEnvironment(environment);
userDetailsContextPropertiesMapper.afterPropertiesSet();
ldapAuthenticationProviderConfigurer.userDetailsContextMapper(userDetailsContextPropertiesMapper);
return ldapAuthenticationProviderConfigurer;
}
Also used :
DefaultSpringSecurityContextSource(org.springframework.security.ldap.DefaultSpringSecurityContextSource)
AuthenticationManagerBuilder(org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder)
DefaultLdapAuthoritiesPopulator(org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator)
Example 12 with AuthenticationManagerBuilder
use of org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder in project spring-security by spring-projects.
the class HttpSecurityConfiguration method httpSecurity.
@Bean(HTTPSECURITY_BEAN_NAME)
@Scope("prototype")
HttpSecurity httpSecurity() throws Exception {
WebSecurityConfigurerAdapter.LazyPasswordEncoder passwordEncoder = new WebSecurityConfigurerAdapter.LazyPasswordEncoder(this.context);
AuthenticationManagerBuilder authenticationBuilder = new WebSecurityConfigurerAdapter.DefaultPasswordEncoderAuthenticationManagerBuilder(this.objectPostProcessor, passwordEncoder);
authenticationBuilder.parentAuthenticationManager(authenticationManager());
HttpSecurity http = new HttpSecurity(this.objectPostProcessor, authenticationBuilder, createSharedObjects());
// @formatter:off
http.csrf(withDefaults()).addFilter(new WebAsyncManagerIntegrationFilter()).exceptionHandling(withDefaults()).headers(withDefaults()).sessionManagement(withDefaults()).securityContext(withDefaults()).requestCache(withDefaults()).anonymous(withDefaults()).servletApi(withDefaults()).apply(new DefaultLoginPageConfigurer<>());
http.logout(withDefaults());
// @formatter:on
applyDefaultConfigurers(http);
return http;
}
Also used :
HttpSecurity(org.springframework.security.config.annotation.web.builders.HttpSecurity)
AuthenticationManagerBuilder(org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder)
WebAsyncManagerIntegrationFilter(org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter)
Scope(org.springframework.context.annotation.Scope)
Bean(org.springframework.context.annotation.Bean)
Example 13 with AuthenticationManagerBuilder
use of org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder in project spring-security by spring-projects.
the class GlobalMethodSecurityConfiguration method authenticationManager.
/**
* Allows providing a custom {@link AuthenticationManager}. The default is to use any
* authentication mechanisms registered by
* {@link #configure(AuthenticationManagerBuilder)}. If
* {@link #configure(AuthenticationManagerBuilder)} was not overridden, then an
* {@link AuthenticationManager} is attempted to be autowired by type.
* @return the {@link AuthenticationManager} to use
*/
protected AuthenticationManager authenticationManager() throws Exception {
if (this.authenticationManager == null) {
DefaultAuthenticationEventPublisher eventPublisher = this.objectPostProcessor.postProcess(new DefaultAuthenticationEventPublisher());
this.auth = new AuthenticationManagerBuilder(this.objectPostProcessor);
this.auth.authenticationEventPublisher(eventPublisher);
configure(this.auth);
this.authenticationManager = (this.disableAuthenticationRegistry) ? getAuthenticationConfiguration().getAuthenticationManager() : this.auth.build();
}
return this.authenticationManager;
}
Also used :
DefaultAuthenticationEventPublisher(org.springframework.security.authentication.DefaultAuthenticationEventPublisher)
AuthenticationManagerBuilder(org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder)
Example 14 with AuthenticationManagerBuilder
use of org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder in project spring-security by spring-projects.
the class AuthenticationManagerBuilderTests method buildWhenAddAuthenticationProviderThenDoesNotPerformRegistration.
@Test
public void buildWhenAddAuthenticationProviderThenDoesNotPerformRegistration() throws Exception {
ObjectPostProcessor<Object> opp = mock(ObjectPostProcessor.class);
AuthenticationProvider provider = mock(AuthenticationProvider.class);
AuthenticationManagerBuilder builder = new AuthenticationManagerBuilder(opp);
builder.authenticationProvider(provider);
builder.build();
verify(opp, never()).postProcess(provider);
}
Also used :
AuthenticationManagerBuilder(org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder)
AuthenticationProvider(org.springframework.security.authentication.AuthenticationProvider)
DaoAuthenticationProvider(org.springframework.security.authentication.dao.DaoAuthenticationProvider)
Test(org.junit.jupiter.api.Test)
Example 15 with AuthenticationManagerBuilder
use of org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder in project spring-security by spring-projects.
the class AuthenticationManagerBuilderTests method buildWhenNotConfiguredThenIsConfiguredFalse.
@Test
public void buildWhenNotConfiguredThenIsConfiguredFalse() throws Exception {
ObjectPostProcessor<Object> opp = mock(ObjectPostProcessor.class);
AuthenticationManagerBuilder builder = new AuthenticationManagerBuilder(opp);
builder.build();
assertThat(builder.isConfigured()).isFalse();
}
Also used :
AuthenticationManagerBuilder(org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder)
Test(org.junit.jupiter.api.Test)
Aggregations
AuthenticationManagerBuilder (org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder)22
Test (org.junit.jupiter.api.Test)7
Bean (org.springframework.context.annotation.Bean)6
HttpSecurity (org.springframework.security.config.annotation.web.builders.HttpSecurity)5
Autowired (org.springframework.beans.factory.annotation.Autowired)4
AuthenticationProvider (org.springframework.security.authentication.AuthenticationProvider)4
Collection (java.util.Collection)3
List (java.util.List)3
Collectors (java.util.stream.Collectors)3
Logger (org.slf4j.Logger)3
LoggerFactory (org.slf4j.LoggerFactory)3
Configuration (org.springframework.context.annotation.Configuration)3
Profile (org.springframework.context.annotation.Profile)3
ConfigurableEnvironment (org.springframework.core.env.ConfigurableEnvironment)3
HttpMethod (org.springframework.http.HttpMethod)3
DefaultSpringSecurityContextSource (org.springframework.security.ldap.DefaultSpringSecurityContextSource)3
ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)2
EventManager (io.gravitee.common.event.EventManager)2
IdentityProvider (io.gravitee.rest.api.idp.api.IdentityProvider)2
IdentityProviderManager (io.gravitee.rest.api.idp.core.plugin.IdentityProviderManager)2
